Lemmy.world is temporarily disabling open signups and moving to an application-required signup process, due to ongoing issues with malicious bot accounts.

We know this is a major step to take, but we believe that it’s the right one for both us and our community right now.

We’re working on a better long-term technical solution to these bots, but that will take time to create, test, and verify that it doesn’t cause any problems with federation and how our users use our site, and we’d rather make sure we get it right than have a site that’s broken.

We’re making this change on 28 Aug 2023, and don’t have a specific timeline for how long registrations will require an application, but we will post an update once our new anti-abuse measures are in place and working.

Take care, LW Team

  • 520@kbin.social
    link
    fedilink
    arrow-up
    28
    arrow-down
    10
    ·
    edit-2
    1 year ago

    Big corps are more sociopathic than you realise. There are so many underhanded games going on at that level it will make your head spin.

    Big businesses indirectly and sometimes directly fund APT groups. They will buy things that give them anonymous access to competitor trade secrets, or fund attack campaigns against competitors. This sounds like the kind of attack campaign a competitor might launch as part of a one-two combo. This is the first part, the second part is to get editorials out there regarding how lemmy.world is full of CSAM.

    • pjhenry1216@kbin.social
      link
      fedilink
      arrow-up
      20
      arrow-down
      2
      ·
      1 year ago

      Nah. The risk greatly outweighs the reward. Even if this hits the news, I doubt it’d affect numbers on here that much, especially since it’s not that big. It’s not even big enough to cause issues for “competitors” (and I use the term lightly). The fediverse is simply not really ready to compete with established actors. So the “benefit” is quite small. The risk if they’re caught includes executives getting jail time and likely irreversible harm to their brand.

      • 520@kbin.social
        link
        fedilink
        arrow-up
        9
        arrow-down
        6
        ·
        edit-2
        1 year ago

        Nah. The risk greatly outweighs the reward.

        Does it? Standard dark web precautions are more than enough to throw any investigation into a dead end, especially for a one-off transaction with the buyer having little to no other activity.

        The fediverse is simply not really ready to compete with established actors.

        Yet. The Fediverse isn’t ready to compete yet. Business people aren’t looking purely at the present, they’ve got a keen eye on the foreseeable future too. If there is a growing momentum towards the fediverse, that can spell trouble for Reddit in 5 years time. The entire point of such an attack is to derail momentum on the platforms. By the time they are ready to compete, it’s much too late for this kind of attack to have any reasonable effect.

        • pjhenry1216@kbin.social
          link
          fedilink
          arrow-up
          1
          arrow-down
          2
          ·
          1 year ago

          The more intelligent solution is what Meta is doing with Threads. Not something like this. There’d be a lot more money blackmailing the company than to mess with CSAM.

          Big corps are a lot sneakier than something so blunt.

          • 520@kbin.social
            link
            fedilink
            arrow-up
            3
            ·
            1 year ago

            There’d be a lot more money blackmailing the company than to mess with CSAM.

            There isn’t a company to blackmail. You can’t treat the Fediverse as a competing company because it isn’t one. You have to treat it more like a movement, like Occupy Wall Street

            How do you derail a movement? You make sure the participants are slandered to the point that your accusations are the main things people on the outside remember of it. Mainstream Media did this with Occupy successfully.

            However this doesn’t work if your opponent is too big, too established or too well funded. Microsoft tried to do this with the Open Source Movement, but the latter was too well established and funded for it to work.

            Big corps are a lot sneakier than something so blunt.

            That’s the thing, they’re not being blunt at all. Literally anybody can pay for this kind of attack to happen and not even the service provider needs to know who the buyer is.

            The only thing that is needed now are media hitpieces about how federated services spread CSAM and you’ve got damage that could make the YouTube adpocalypse look small.

            • pjhenry1216@kbin.social
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              Didn’t say blackmail the fediverse. I’m saying blackmail the company trying to spread CSAM.

              And again, you don’t derail a movement. You try to own it if you really care.

              But even then, it’s not worth it. XMPP has been “competing” for far longer and likely had more success up front than Lemmy or Kbin.

              You’re severely overestimating the potential here. And you’re severely overestimating how much a company would want to destroy it instead of exploiting any other success. There’s money to be lost in paying to derail it. There’s money to be made in exploiting it.

              • 520@kbin.social
                link
                fedilink
                arrow-up
                1
                ·
                edit-2
                1 year ago

                Didn’t say blackmail the fediverse. I’m saying blackmail the company trying to spread CSAM.

                Ohhhh okay. Gotcha. There is one tiny problem with this.

                On the Dark Web, you treat your identity like your password, you never give it out under any circumstances. And the norms in black markets reflect this, including the norms of transactions.

                That means the seller doesn’t know who the buyer is, and the buyer doesn’t know who the seller is, and the exchanging of such information is a serious fuck up. Sellers don’t want to know, as such knowledge can be a vehicle for the feds to charge them with a crime.

                Now sure, a bad seller could turn around and blackmail the company, but only if that information gets leaked. This can be surprisingly easy to do, as there are avenues of info leakage that will catch out newbies, but anyone actually experienced with dark net transfers knows the score: no screen sharing, vet all screenshots carefully, don’t use your real address for deliveries, don’t use your home (or work) connection for the transaction, etc.

                And again, you don’t derail a movement. You try to own it if you really care.

                Don’t know what you mean by own here. Control? Maybe but that depends on your own position and what benefits you.

                But even then, it’s not worth it. XMPP has been “competing” for far longer and likely had more success up front than Lemmy or Kbin.

                XMPP is an IM standard, is it not? What that does and what Lemmy/Kbin do are very different.

                • pjhenry1216@kbin.social
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  edit-2
                  1 year ago

                  Are you suggesting messaging doesn’t have dominant players or that Google didn’t integrate with XMPP and then eventually break compatibility and some folks argue set back XMPP in mindshare and marketshare.

                  XMPP is essentially an open standard where you can host your own relays. The concept was to fight against iMessage and Google Chat and Blackberry, etc. It was just as popular as lemmy/Kbin is now. Hell, Mastodon dwarfs Lemmy as a whole and isn’t under attack.

                  There’s just no real evidence this is a concerted effort to ruin the fediverse for corporate gain. It’s much cheaper and more profitable to exploit it. It just isn’t worth it right now. Meta sees an opportunity but mainly because it wanted to try and exploit Xwitter’s current state. That’s why it’s not even on the fediverse yet. It’s not that concerned.

                  Occam’s Razor.

                  Edit: added clarification (emphasis added to highlight the change).

    • bemenaker@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      arrow-down
      3
      ·
      1 year ago

      No way would a company risk being caught being responsible for CP. That would cause a massive backlash in the US socially, and the legal troubles would be huge. And the stock market would also very painfully punish them.

      • 520@kbin.social
        link
        fedilink
        arrow-up
        7
        arrow-down
        5
        ·
        edit-2
        1 year ago

        Do you really think there aren’t ways for a company to avoid having their names put against such operations? A simple anonymous darknet transaction is enough to get this done without anyone’s name being put on it or CSAM touching corporate machines.

        • bemenaker@lemmy.world
          link
          fedilink
          English
          arrow-up
          7
          arrow-down
          3
          ·
          1 year ago

          Risk outweighs the rewards. Especially for something as small as lemmy. Take off the tin foil hat. It doesn’t work like that. Have companies done evil things, yes, but in this case, absolutely no way.

          • 520@kbin.social
            link
            fedilink
            arrow-up
            5
            arrow-down
            8
            ·
            edit-2
            1 year ago

            Risk outweighs the rewards.

            What risk? Keep it off the books, take standard dark web precautions when purchasing such a service and there’s no chance it’ll be traced back to you.

            Especially for something as small as lemmy.

            Small but growing, and steadily establishing itself. That’s a momentum certain companies will want to kill.

            Take off the tin foil hat. It doesn’t work like that.

            ahahahahaha.

            My sweet summer child, I’ve seen it first-hand work EXACTLY like this. I work in the field of offensive security. On the one hand it first amazed me how much big legitimate companies play in that space but then I realised - of fucking course they do. It only takes a bit of know how to sweep most things under the rug.

      • 520@kbin.social
        link
        fedilink
        arrow-up
        10
        arrow-down
        8
        ·
        1 year ago

        Which is why you’re signed in on lemmy.world? Because no one cares about Lemmy?

        • pjhenry1216@kbin.social
          link
          fedilink
          arrow-up
          10
          arrow-down
          4
          ·
          edit-2
          1 year ago

          Lemmy is nowhere near big enough to cause any of the competitors any consternation.

          Edit: to be more clear, the fediverse as a whole isn’t big enough. It’s like believing XMPP is going to cause Apple to worry about iMessage.

        • Steeve@lemmy.ca
          link
          fedilink
          arrow-up
          4
          arrow-down
          8
          ·
          1 year ago

          Obviously their comment was hyperbole, and the literal interpretation is based on the context of the conversation. Do a bit of critical thinking.